Piwigo / piwigo-openstreetmap

OpenStreetMap integration for Piwigo
http://piwigo.org/ext/extension_view.php?eid=701
GNU General Public License v3.0

HTTPS when behind a reverse HTTPS proxy #56

Closed Oline closed 9 years ago

Oline commented 9 years ago

When using your plugin behind a configuration using an HTTPS reverse proxy (only used to handle TLS), I get a "Mixed active content" in my browser that doesn't let the website show the OSMap. I think that the problem comes from the way you get the protocol used by the client.

My guess is that you get the protocol from the local webserver (which is HTTP in the local webserver) but don't get the one really used by the client browser (which is HTTPS thanks to the reverse proxy) when you forge your own URI. You can use the "HTTP_X_FORWARDED_PROTO" server variable to get the right protocol used by the client (seems to be the right way to do it, but not sure of it).

After a quick look at the plugin code, the problem could come from the function get_root_url() from piwigo not giving the right information, but I'm not sure of it.
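Added example, not part of Oline's post or of the plugin's code: one way to derive the client-facing scheme from `HTTP_X_FORWARDED_PROTO` in PHP while accepting the header only when the request comes from a known proxy address, since any client can send that header itself. The function names, the trusted-proxy list, the configured host and the sample requests are assumptions made for this illustration; it also assumes the proxy overwrites the header rather than appending to it.

```php
<?php
// Hypothetical helpers for illustration; these are not Piwigo's
// get_root_url() / get_absolute_root_url().

/**
 * Return 'https' or 'http' as seen by the browser.
 * X-Forwarded-Proto is honoured only when the TCP peer (REMOTE_ADDR) is a
 * known proxy; a request from anywhere else falls back to the local scheme.
 */
function client_scheme(array $server, array $trustedProxies): string
{
    $direct = (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off')
        ? 'https' : 'http';

    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $direct;                    // header ignored: untrusted sender
    }

    // Accept only the two exact values; anything else is treated as absent.
    $forwarded = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return in_array($forwarded, ['http', 'https'], true) ? $forwarded : $direct;
}

/** Build an absolute asset URL from a configured host, not from the Host header. */
function asset_url(array $server, array $trustedProxies, string $host, string $path): string
{
    return client_scheme($server, $trustedProxies) . '://' . $host . '/' . ltrim($path, '/');
}

// Constructed sample requests (shaped like $_SERVER), not captured traffic.
$trusted = ['127.0.0.1'];                  // assumed: TLS terminator on the same host
$leaflet = 'piwigo/plugins/piwigo-openstreetmap/leaflet/leaflet.js';
$samples = [
    'via trusted proxy'   => ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_FORWARDED_PROTO' => 'https'],
    'header from client'  => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'unexpected value'    => ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_FORWARDED_PROTO' => 'javascript'],
    'no header, plain'    => ['REMOTE_ADDR' => '127.0.0.1'],
];

foreach ($samples as $label => $request) {
    echo str_pad($label, 20), asset_url($request, $trusted, 'www.example.com', $leaflet), PHP_EOL;
}
```

Only the first sample yields an `https://` URL; the other three fall back to the scheme of the local connection.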

xbgmsharp commented 9 years ago

When do you have this issue? When showing the map on the picture page, on the WorldMap, or in the admin menu? I assume you refer to the picture page. In this case, note that not all tiles support HTTPS. Which one do you use? See include/functions_map.php line 292. https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L292

What happens if you hardcode the HTTPS protocol for the OSM_PATH and MYROOT_URL (seems a bad copy of the previous, I will check on that one)? Does that work? See include/functions_map.php line 528. https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L528

Oline commented 9 years ago

I have this issue on every page, except the admin page when using mapnik. I looked into the code to check that mapnik is the only one available on HTTPS (as said in issue #21). So I only use mapnik when using an HTTPS connection. I only tried to use a custom URL forcing HTTPS (issue #21).

From the Firefox web console, when using an HTTPS connection, I get:

    (mixed active content) « http://www.example.com/piwigo/plugins/piwigo-openstreetmap/leaflet/leaflet.css »
    [...]
    (mixed active content) « http://www.example.com/piwigo/plugins/piwigo-openstreetmap/leaflet/leaflet.js »

I guess the forging of these URIs has a problem, but I don't know where in the code they are forged.

I tried to hardcode OSM_PATH and MYROOT_URL as you said using HTTPS, but the mixed active content problem when trying to load leaflet stays the same. I'll try to fix that bug first if possible.

Can you tell me where the forging of the leaflet URL to load the CSS and JS stuff happens?

Thanks for your help :)

xbgmsharp commented 9 years ago

As your gallery is configured to use HTTP, the PWG function returns the HTTP URL. However, I do wonder why you have the issue only with this plugin.

Your issue is accessing all the content. The full PATH is generated in the files below via OSM_PATH:
https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/template/osm-picture.tpl#L2
https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L528

I believe the best would be to not specify the schema HTTP or HTTPS and let the browser do it, like done here, https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/template/osm-gpx.tpl#L2

In include/functions_map.php line 528, instead of https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L528

             'OSM_PATH'         => embellish_url(get_absolute_root_url().OSM_PATH)

Do something like:

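// Capture everything after the scheme ("//host/path") so the browser picks http or https itself
preg_match('#^https?:(//.*)$#', embellish_url(get_absolute_root_url().OSM_PATH), $URI);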
...
             'OSM_PATH'         => $URI[1]

Or even:

             'OSM_PATH'         => OSM_PATH

Could you please test and give feedback?

Oline commented 9 years ago

I don't really know why I have a problem only with that plugin. If you have suggestions of other plugins I should test to check if only this one behaves like that, tell me.

If I hardcode the URIs with HTTPS in the template files, everything starts to work.

But if I change it in https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L528 nothing changes in the resulting pages... It is as if modifying 'OSM_PATH' => ... does not change anything. I tried both ways you proposed, but in both cases, I get HTTP URIs in the resulting page.

Oline commented 9 years ago

After digging into the code, I understood that there were different OSM_PATH variables assigned depending on the page you are on (picture, menu, categories, ...). Because the root cause seems to be the function get_absolute_root_url(), I changed it to force HTTPS everywhere and everything worked without any change in your plugin. The problem is that their function doesn't support HTTPS on reverse proxies (like most web apps out there).

I close this issue and I will open one on the piwigo main issue tracker.

Thanks a lot for your help finding the root cause (and yes, I don't really get why only your plugin is triggering this behavior).

xbgmsharp commented 9 years ago

I really wonder why this only happens on the OSM plugin. I have the exact same code on the VIDEOJS plugin.
https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/picture.inc.php#L143
https://github.com/xbgmsharp/piwigo-videojs/blob/master/main.inc.php#L392

xbgmsharp commented 9 years ago

I found the difference. OSM was using get_absolute_root_url() and VIDEOJS uses get_gallery_home_url().

In picture.inc.php line 143, instead of https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/picture.inc.php#L143

            'OSM_PATH'         => embellish_url(get_absolute_root_url().OSM_PATH),

Do something like:

            'OSM_PATH'         => embellish_url(get_gallery_home_url().OSM_PATH),

Would you be able to test and give feedback? It works OK on my dev box; if it works for you, I will change it across all files and commit the fix.

xbgmsharp commented 9 years ago

I applied the fix on all OSM_PATH via commit cd8dd8b. It now provides the PATH and not the full URI.